Stormsec

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Kaspersky has identified the VileRAT malware used in a series of attacks against foreign exchange and cryptocurrency trading companies, as part of a multi-million dollar global cyber-attack campaign.




ADVERSARY: DeathStalker


INDUSTRY: ICS



MALWARE FAMILIES: VileLoader, Stonefly, EVILNUM


ATT&CK IDS: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1080 - Taint Shared Content, T1104 - Multi-Stage Channels, T1105 - Ingress Tool Transfer, T1137 - Office Application Startup, T1496 - Resource Hijacking, T1547 - Boot or Logon Autostart Execution, T1564 - Hide Artifacts, T1566 - Phishing

